npm - @fuzdev/fuz_app - Versions diffs - 0.55.0 → 0.57.0 - Mend

@fuzdev/fuz_app 0.55.0 → 0.57.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/dist/actions/CLAUDE.md +211 -155
package/dist/actions/action_bridge.d.ts +8 -5
package/dist/actions/action_bridge.d.ts.map +1 -1
package/dist/actions/action_bridge.js +1 -11
package/dist/actions/action_codegen.d.ts +19 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +20 -14
package/dist/actions/action_registry.d.ts.map +1 -1
package/dist/actions/action_registry.js +5 -2
package/dist/actions/action_rpc.d.ts +110 -44
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +92 -287
package/dist/actions/action_spec.d.ts +55 -16
package/dist/actions/action_spec.d.ts.map +1 -1
package/dist/actions/action_spec.js +16 -11
package/dist/actions/action_types.d.ts +28 -60
package/dist/actions/action_types.d.ts.map +1 -1
package/dist/actions/action_types.js +13 -5
package/dist/actions/broadcast_api.d.ts +2 -2
package/dist/actions/broadcast_api.js +2 -2
package/dist/actions/compile_action_registry.d.ts +50 -0
package/dist/actions/compile_action_registry.d.ts.map +1 -0
package/dist/actions/compile_action_registry.js +69 -0
package/dist/actions/heartbeat.d.ts +8 -4
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -4
package/dist/actions/perform_action.d.ts +145 -0
package/dist/actions/perform_action.d.ts.map +1 -0
package/dist/actions/perform_action.js +258 -0
package/dist/actions/register_action_ws.d.ts +44 -38
package/dist/actions/register_action_ws.d.ts.map +1 -1
package/dist/actions/register_action_ws.js +101 -159
package/dist/actions/register_ws_endpoint.d.ts +2 -10
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +32 -10
package/dist/actions/transports_ws_auth_guard.d.ts +1 -1
package/dist/actions/transports_ws_auth_guard.js +1 -1
package/dist/actions/transports_ws_backend.d.ts +1 -1
package/dist/actions/transports_ws_backend.js +1 -1
package/dist/auth/CLAUDE.md +673 -442
package/dist/auth/account_action_specs.d.ts +28 -7
package/dist/auth/account_action_specs.d.ts.map +1 -1
package/dist/auth/account_action_specs.js +7 -7
package/dist/auth/account_actions.d.ts +8 -14
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +26 -32
package/dist/auth/account_queries.d.ts +46 -13
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +73 -33
package/dist/auth/account_routes.d.ts +4 -3
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +58 -33
package/dist/auth/account_schema.d.ts +46 -54
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +21 -48
package/dist/auth/admin_action_specs.d.ts +55 -21
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +42 -26
package/dist/auth/admin_actions.d.ts +14 -21
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +47 -44
package/dist/auth/audit_emitter.d.ts +160 -0
package/dist/auth/audit_emitter.d.ts.map +1 -0
package/dist/auth/audit_emitter.js +83 -0
package/dist/auth/audit_log_queries.d.ts +17 -87
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +17 -96
package/dist/auth/audit_log_routes.d.ts +1 -1
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +7 -3
package/dist/auth/audit_log_schema.d.ts +48 -42
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +56 -43
package/dist/auth/auth_guard_resolver.d.ts +44 -0
package/dist/auth/auth_guard_resolver.d.ts.map +1 -0
package/dist/auth/auth_guard_resolver.js +56 -0
package/dist/auth/bootstrap_account.d.ts +7 -7
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +7 -7
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +11 -10
package/dist/auth/cleanup.d.ts +20 -26
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +33 -47
package/dist/auth/credential_type_schema.d.ts +115 -0
package/dist/auth/credential_type_schema.d.ts.map +1 -0
package/dist/auth/credential_type_schema.js +127 -0
package/dist/auth/daemon_token_middleware.d.ts +1 -1
package/dist/auth/daemon_token_middleware.js +3 -3
package/dist/auth/ddl.d.ts +2 -2
package/dist/auth/ddl.d.ts.map +1 -1
package/dist/auth/ddl.js +6 -6
package/dist/auth/deps.d.ts +7 -32
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/grant_path_schema.d.ts +117 -0
package/dist/auth/grant_path_schema.d.ts.map +1 -0
package/dist/auth/grant_path_schema.js +137 -0
package/dist/auth/invite_queries.d.ts +12 -1
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +12 -1
package/dist/auth/invite_schema.d.ts +1 -1
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +5 -2
package/dist/auth/migrations.d.ts +22 -7
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +64 -25
package/dist/auth/request_context.d.ts +157 -170
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +224 -268
package/dist/auth/{permit_offer_action_specs.d.ts → role_grant_offer_action_specs.d.ts} +130 -100
package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -0
package/dist/auth/role_grant_offer_action_specs.js +262 -0
package/dist/auth/role_grant_offer_actions.d.ts +104 -0
package/dist/auth/role_grant_offer_actions.d.ts.map +1 -0
package/dist/auth/{permit_offer_actions.js → role_grant_offer_actions.js} +153 -140
package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts} +80 -70
package/dist/auth/role_grant_offer_notifications.d.ts.map +1 -0
package/dist/auth/role_grant_offer_notifications.js +182 -0
package/dist/auth/{permit_offer_queries.d.ts → role_grant_offer_queries.d.ts} +64 -64
package/dist/auth/role_grant_offer_queries.d.ts.map +1 -0
package/dist/auth/{permit_offer_queries.js → role_grant_offer_queries.js} +136 -123
package/dist/auth/role_grant_offer_schema.d.ts +150 -0
package/dist/auth/role_grant_offer_schema.d.ts.map +1 -0
package/dist/auth/{permit_offer_schema.js → role_grant_offer_schema.js} +55 -36
package/dist/auth/role_grant_queries.d.ts +231 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -0
package/dist/auth/role_grant_queries.js +320 -0
package/dist/auth/role_schema.d.ts +150 -40
package/dist/auth/role_schema.d.ts.map +1 -1
package/dist/auth/role_schema.js +144 -45
package/dist/auth/scope_kind_schema.d.ts +96 -0
package/dist/auth/scope_kind_schema.d.ts.map +1 -0
package/dist/auth/scope_kind_schema.js +94 -0
package/dist/auth/self_service_role_action_specs.d.ts +4 -1
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +2 -2
package/dist/auth/self_service_role_actions.d.ts +35 -29
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +58 -48
package/dist/auth/session_cookie.d.ts +43 -6
package/dist/auth/session_cookie.d.ts.map +1 -1
package/dist/auth/session_cookie.js +31 -5
package/dist/auth/session_middleware.d.ts +37 -3
package/dist/auth/session_middleware.d.ts.map +1 -1
package/dist/auth/session_middleware.js +33 -7
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +48 -19
package/dist/auth/standard_action_specs.d.ts +2 -2
package/dist/auth/standard_action_specs.js +4 -4
package/dist/auth/standard_rpc_actions.d.ts +23 -19
package/dist/auth/standard_rpc_actions.d.ts.map +1 -1
package/dist/auth/standard_rpc_actions.js +12 -12
package/dist/db/migrate.d.ts +1 -1
package/dist/db/migrate.js +1 -1
package/dist/dev/setup.d.ts +2 -2
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +4 -4
package/dist/env/load.d.ts +1 -1
package/dist/env/load.js +1 -1
package/dist/hono_context.d.ts +27 -45
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +14 -28
package/dist/http/CLAUDE.md +235 -121
package/dist/http/auth_shape.d.ts +191 -0
package/dist/http/auth_shape.d.ts.map +1 -0
package/dist/http/auth_shape.js +237 -0
package/dist/http/common_routes.js +3 -3
package/dist/http/db_routes.d.ts +4 -0
package/dist/http/db_routes.d.ts.map +1 -1
package/dist/http/db_routes.js +44 -7
package/dist/http/error_schemas.d.ts +72 -39
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +81 -33
package/dist/http/pending_effects.d.ts +71 -18
package/dist/http/pending_effects.d.ts.map +1 -1
package/dist/http/pending_effects.js +87 -18
package/dist/http/proxy.d.ts +52 -5
package/dist/http/proxy.d.ts.map +1 -1
package/dist/http/proxy.js +92 -14
package/dist/http/route_spec.d.ts +89 -75
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +54 -72
package/dist/http/schema_helpers.d.ts +3 -14
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +2 -14
package/dist/http/surface.d.ts +2 -10
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +3 -4
package/dist/http/surface_query.d.ts +39 -35
package/dist/http/surface_query.d.ts.map +1 -1
package/dist/http/surface_query.js +79 -36
package/dist/primitive_schemas.d.ts +39 -0
package/dist/primitive_schemas.d.ts.map +1 -0
package/dist/primitive_schemas.js +40 -0
package/dist/realtime/sse_auth_guard.d.ts +5 -5
package/dist/realtime/sse_auth_guard.js +9 -9
package/dist/runtime/mock.d.ts +1 -1
package/dist/runtime/mock.js +1 -1
package/dist/server/app_backend.d.ts +14 -11
package/dist/server/app_backend.d.ts.map +1 -1
package/dist/server/app_backend.js +12 -8
package/dist/server/app_server.d.ts +7 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +35 -40
package/dist/server/validate_nginx.d.ts +1 -1
package/dist/server/validate_nginx.js +1 -1
package/dist/testing/CLAUDE.md +50 -38
package/dist/testing/admin_integration.d.ts +5 -6
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +87 -85
package/dist/testing/app_server.d.ts +11 -14
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +16 -15
package/dist/testing/assertions.d.ts.map +1 -1
package/dist/testing/assertions.js +2 -1
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +15 -9
package/dist/testing/audit_completeness.d.ts +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +36 -36
package/dist/testing/auth_apps.d.ts +5 -4
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +22 -19
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +5 -5
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +4 -4
package/dist/testing/db_entities.d.ts +22 -0
package/dist/testing/db_entities.d.ts.map +1 -0
package/dist/testing/db_entities.js +28 -0
package/dist/testing/entities.d.ts +8 -7
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +21 -18
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +13 -14
package/dist/testing/integration_helpers.d.ts +4 -4
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +20 -18
package/dist/testing/middleware.d.ts +4 -4
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +12 -11
package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
package/dist/testing/rpc_attack_surface.js +40 -24
package/dist/testing/rpc_round_trip.d.ts +1 -1
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +14 -13
package/dist/testing/sse_round_trip.d.ts +3 -4
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +7 -11
package/dist/testing/standard.d.ts +1 -1
package/dist/testing/stubs.d.ts +25 -0
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +43 -2
package/dist/testing/surface_invariants.d.ts +14 -6
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +119 -43
package/dist/testing/ws_round_trip.d.ts +12 -13
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +19 -11
package/dist/ui/AdminAccounts.svelte +23 -20
package/dist/ui/AdminOverview.svelte +15 -13
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} +12 -12
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts +4 -0
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +1 -1
package/dist/ui/CLAUDE.md +60 -60
package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} +27 -26
package/dist/ui/{PermitOfferForm.svelte.d.ts → RoleGrantOfferForm.svelte.d.ts} +7 -7
package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} +12 -12
package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} +14 -14
package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +1 -1
package/dist/ui/SurfaceExplorer.svelte +35 -15
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +2 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +2 -3
package/dist/ui/admin_accounts_state.svelte.d.ts +18 -18
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +16 -16
package/dist/ui/admin_rpc_adapters.d.ts +20 -20
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
package/dist/ui/admin_rpc_adapters.js +17 -17
package/dist/ui/admin_sessions_state.svelte.d.ts +2 -2
package/dist/ui/admin_sessions_state.svelte.js +2 -2
package/dist/ui/audit_log_state.svelte.d.ts +7 -7
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +6 -6
package/dist/ui/auth_state.svelte.d.ts +3 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +6 -6
package/dist/ui/format_scope.d.ts +2 -2
package/dist/ui/format_scope.js +2 -2
package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts} +30 -30
package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js} +18 -18
package/dist/ui/ui_format.js +2 -2
package/package.json +3 -3
package/dist/auth/permit_offer_action_specs.d.ts.map +0 -1
package/dist/auth/permit_offer_action_specs.js +0 -258
package/dist/auth/permit_offer_actions.d.ts +0 -110
package/dist/auth/permit_offer_actions.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.js +0 -182
package/dist/auth/permit_offer_queries.d.ts.map +0 -1
package/dist/auth/permit_offer_schema.d.ts +0 -125
package/dist/auth/permit_offer_schema.d.ts.map +0 -1
package/dist/auth/permit_queries.d.ts +0 -222
package/dist/auth/permit_queries.d.ts.map +0 -1
package/dist/auth/permit_queries.js +0 -305
package/dist/auth/require_keeper.d.ts +0 -20
package/dist/auth/require_keeper.d.ts.map +0 -1
package/dist/auth/require_keeper.js +0 -35
package/dist/auth/route_guards.d.ts +0 -27
package/dist/auth/route_guards.d.ts.map +0 -1
package/dist/auth/route_guards.js +0 -38
package/dist/auth/session_lifecycle.d.ts +0 -37
package/dist/auth/session_lifecycle.d.ts.map +0 -1
package/dist/auth/session_lifecycle.js +0 -29
package/dist/ui/AdminPermitHistory.svelte.d.ts +0 -4
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferForm.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +0 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +0 -1

package/dist/auth/admin_action_specs.d.ts CHANGED Viewed

@@ -17,11 +17,17 @@
  */
 import { z } from 'zod';
 import type { RequestResponseActionSpec } from '../actions/action_spec.js';
-/** Max audit-log page size. Mirrors the former REST route's clamp. */
+/** Max audit-log page size. */
 export declare const AUDIT_LOG_LIST_LIMIT_MAX = 200;
+/** Default `admin_account_list` page size. */
+export declare const ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50;
+/** Max `admin_account_list` page size. */
+export declare const ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200;
 /** Input for `admin_account_list`. */
 export declare const AdminAccountListInput: z.ZodObject<{
     acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+    limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+    offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
 }, z.core.$strict>;
 export type AdminAccountListInput = z.infer<typeof AdminAccountListInput>;
 /** Output for `admin_account_list`. */
@@ -40,9 +46,10 @@ export declare const AdminAccountListOutput: z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             name: z.ZodString;
         }, z.core.$strict>>;
-        permits: z.ZodArray<z.ZodObject<{
+        role_grants: z.ZodArray<z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             created_at: z.ZodString;
             expires_at: z.ZodNullable<z.ZodString>;
@@ -51,6 +58,7 @@ export declare const AdminAccountListOutput: z.ZodObject<{
         pending_offers: z.ZodArray<z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_username: z.ZodString;
@@ -143,15 +151,15 @@ export declare const AuditLogListOutput: z.ZodObject<{
     }, z.core.$strict>>;
 }, z.core.$strict>;
 export type AuditLogListOutput = z.infer<typeof AuditLogListOutput>;
-/** Input for `audit_log_permit_history`. */
-export declare const AuditLogPermitHistoryInput: z.ZodObject<{
+/** Input for `audit_log_role_grant_history`. */
+export declare const AuditLogRoleGrantHistoryInput: z.ZodObject<{
     limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
     offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
     acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
-export type AuditLogPermitHistoryInput = z.infer<typeof AuditLogPermitHistoryInput>;
-/** Output for `audit_log_permit_history`. */
-export declare const AuditLogPermitHistoryOutput: z.ZodObject<{
+export type AuditLogRoleGrantHistoryInput = z.infer<typeof AuditLogRoleGrantHistoryInput>;
+/** Output for `audit_log_role_grant_history`. */
+export declare const AuditLogRoleGrantHistoryOutput: z.ZodObject<{
     events: z.ZodArray<z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         seq: z.ZodNumber;
@@ -171,7 +179,7 @@ export declare const AuditLogPermitHistoryOutput: z.ZodObject<{
         target_username: z.ZodNullable<z.ZodString>;
     }, z.core.$strict>>;
 }, z.core.$strict>;
-export type AuditLogPermitHistoryOutput = z.infer<typeof AuditLogPermitHistoryOutput>;
+export type AuditLogRoleGrantHistoryOutput = z.infer<typeof AuditLogRoleGrantHistoryOutput>;
 /** Input for `invite_create`. At least one of `email` / `username` must be provided. */
 export declare const InviteCreateInput: z.ZodObject<{
     email: z.ZodOptional<z.ZodNullable<z.ZodEmail>>;
@@ -261,11 +269,15 @@ export declare const admin_account_list_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
         acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+        offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         accounts: z.ZodArray<z.ZodObject<{
@@ -282,9 +294,10 @@ export declare const admin_account_list_action_spec: {
                 id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
                 name: z.ZodString;
             }, z.core.$strict>>;
-            permits: z.ZodArray<z.ZodObject<{
+            role_grants: z.ZodArray<z.ZodObject<{
                 id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
                 role: z.ZodString;
+                scope_kind: z.ZodNullable<z.ZodString>;
                 scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
                 created_at: z.ZodString;
                 expires_at: z.ZodNullable<z.ZodString>;
@@ -293,6 +306,7 @@ export declare const admin_account_list_action_spec: {
             pending_offers: z.ZodArray<z.ZodObject<{
                 id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
                 role: z.ZodString;
+                scope_kind: z.ZodNullable<z.ZodString>;
                 scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
                 from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
                 from_username: z.ZodString;
@@ -310,7 +324,9 @@ export declare const admin_session_list_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
@@ -334,7 +350,9 @@ export declare const admin_session_revoke_all_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: true;
     input: z.ZodObject<{
@@ -354,7 +372,9 @@ export declare const admin_token_revoke_all_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: true;
     input: z.ZodObject<{
@@ -374,7 +394,9 @@ export declare const audit_log_list_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
@@ -412,12 +434,14 @@ export declare const audit_log_list_action_spec: {
     async: true;
     description: string;
 };
-export declare const audit_log_permit_history_action_spec: {
+export declare const audit_log_role_grant_history_action_spec: {
     method: string;
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
@@ -453,7 +477,9 @@ export declare const invite_create_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: true;
     input: z.ZodObject<{
@@ -482,7 +508,9 @@ export declare const invite_list_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
@@ -509,7 +537,9 @@ export declare const invite_delete_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: true;
     input: z.ZodObject<{
@@ -528,7 +558,9 @@ export declare const app_settings_get_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: false;
     input: z.ZodObject<{
@@ -550,7 +582,9 @@ export declare const app_settings_update_action_spec: {
     kind: "request_response";
     initiator: "frontend";
     auth: {
-        role: string;
+        account: "required";
+        actor: "required";
+        roles: string[];
     };
     side_effects: true;
     input: z.ZodObject<{

package/dist/auth/admin_action_specs.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;~~AAczE,sEAAsE~~;~~AACtE~~,eAAO,MAAM,wBAAwB,MAAM,CAAC;~~AAI5C~~,sCAAsC;AACtC,eAAO,MAAM,qBAAqB~~;;kBAEhC~~,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;kBAEhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;kBAuB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,~~4CAA4C~~;~~AAC5C~~,eAAO,MAAM,~~0BAA0B~~;;;;~~kBAYrC~~,CAAC;AACH,MAAM,MAAM,~~0BAA0B~~,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,~~0BAA0B~~,CAAC,CAAC;~~AAEpF~~,~~6CAA6C~~;~~AAC7C~~,eAAO,MAAM,~~2BAA2B~~;;;;;;;;;;;;;;;;;;;~~kBAEtC~~,CAAC;AACH,MAAM,MAAM,~~2BAA2B~~,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,~~2BAA2B~~,CAAC,CAAC;~~AAEtF~~,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAI5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;kBAE9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B~~;;;;;;;;;;;;;;;;;;;;;;;~~CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC~~;;;;;;;;;;;;;;;;;;;~~CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC~~;;;;;;;;;;;;;;;;;;;~~CAWV,CAAC;AAEtC,eAAO,MAAM,0BAA0B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUF,CAAC;AAEtC,eAAO,MAAM,~~oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ~~,CAAC;AAEtC,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAWD,CAAC;AAEtC,eAAO,MAAM,uBAAuB~~;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;;~~CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B~~;;;;;;;;;;;;;;;;;;;;;~~CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B~~;;;;;;;;;;;;;;;;;;;;;;;;~~CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
1	+ {"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;kBAYhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;kBAEhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;kBAuB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gDAAgD;AAChD,eAAO,MAAM,6BAA6B;;;;kBAYxC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,iDAAiD;AACjD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;kBAEzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAI5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;kBAE9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;CAWV,CAAC;AAEtC,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}

package/dist/auth/admin_action_specs.js CHANGED Viewed

@@ -18,16 +18,32 @@
 import { z } from 'zod';
 import { Uuid } from '@fuzdev/fuz_util/id.js';
 import { ROLE_ADMIN, RoleName } from './role_schema.js';
-import { ActingActor, AdminAccountEntryJson, Email, Username } from './account_schema.js';
-import { AdminSessionJson, AUDIT_LOG_DEFAULT_LIMIT, AuditEventTypeName, AuditLogEventWithUsernamesJson, AuditOutcome, PermitHistoryEventJson, } from './audit_log_schema.js';
+import { AdminAccountEntryJson } from './account_schema.js';
+import { Email, Username } from '../primitive_schemas.js';
+import { ActingActor } from '../http/auth_shape.js';
+import { AdminSessionJson, AUDIT_LOG_DEFAULT_LIMIT, AuditEventTypeName, AuditLogEventWithUsernamesJson, AuditOutcome, RoleGrantHistoryEventJson, } from './audit_log_schema.js';
 import { InviteJson, InviteWithUsernamesJson } from './invite_schema.js';
 import { AppSettingsWithUsernameJson } from './app_settings_schema.js';
-/** Max audit-log page size. Mirrors the former REST route's clamp. */
+/** Max audit-log page size. */
 export const AUDIT_LOG_LIST_LIMIT_MAX = 200;
+/** Default `admin_account_list` page size. */
+export const ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50;
+/** Max `admin_account_list` page size. */
+export const ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200;
 // -- Input/output schemas ---------------------------------------------------
 /** Input for `admin_account_list`. */
 export const AdminAccountListInput = z.strictObject({
     acting: ActingActor,
+    limit: z
+        .number()
+        .int()
+        .min(1)
+        .max(ADMIN_ACCOUNT_LIST_LIMIT_MAX)
+        .nullish()
+        .meta({
+        description: `Max accounts to return (default ${ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT}, max ${ADMIN_ACCOUNT_LIST_LIMIT_MAX}).`,
+    }),
+    offset: z.number().int().min(0).nullish().meta({ description: 'Pagination offset.' }),
 });
 /** Output for `admin_account_list`. */
 export const AdminAccountListOutput = z.strictObject({
@@ -95,8 +111,8 @@ export const AuditLogListInput = z.strictObject({
 export const AuditLogListOutput = z.strictObject({
     events: z.array(AuditLogEventWithUsernamesJson),
 });
-/** Input for `audit_log_permit_history`. */
-export const AuditLogPermitHistoryInput = z.strictObject({
+/** Input for `audit_log_role_grant_history`. */
+export const AuditLogRoleGrantHistoryInput = z.strictObject({
     limit: z
         .number()
         .int()
@@ -109,9 +125,9 @@ export const AuditLogPermitHistoryInput = z.strictObject({
     offset: z.number().int().min(0).nullish().meta({ description: 'Pagination offset.' }),
     acting: ActingActor,
 });
-/** Output for `audit_log_permit_history`. */
-export const AuditLogPermitHistoryOutput = z.strictObject({
-    events: z.array(PermitHistoryEventJson),
+/** Output for `audit_log_role_grant_history`. */
+export const AuditLogRoleGrantHistoryOutput = z.strictObject({
+    events: z.array(RoleGrantHistoryEventJson),
 });
 /** Input for `invite_create`. At least one of `email` / `username` must be provided. */
 export const InviteCreateInput = z.strictObject({
@@ -164,18 +180,18 @@ export const admin_account_list_action_spec = {
     method: 'admin_account_list',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
     input: AdminAccountListInput,
     output: AdminAccountListOutput,
     async: true,
-    description: 'List all accounts with their actors, permits, and pending offers. Admin-only.',
+    description: 'List all accounts with their actors, role_grants, and pending offers. Admin-only.',
 };
 export const admin_session_list_action_spec = {
     method: 'admin_session_list',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
     input: AdminSessionListInput,
     output: AdminSessionListOutput,
@@ -186,7 +202,7 @@ export const admin_session_revoke_all_action_spec = {
     method: 'admin_session_revoke_all',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: true,
     input: AdminSessionRevokeAllInput,
     output: AdminSessionRevokeAllOutput,
@@ -198,7 +214,7 @@ export const admin_token_revoke_all_action_spec = {
     method: 'admin_token_revoke_all',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: true,
     input: AdminTokenRevokeAllInput,
     output: AdminTokenRevokeAllOutput,
@@ -210,29 +226,29 @@ export const audit_log_list_action_spec = {
     method: 'audit_log_list',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
     input: AuditLogListInput,
     output: AuditLogListOutput,
     async: true,
     description: 'List audit log events with optional filters. Admin-only.',
 };
-export const audit_log_permit_history_action_spec = {
-    method: 'audit_log_permit_history',
+export const audit_log_role_grant_history_action_spec = {
+    method: 'audit_log_role_grant_history',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
-    input: AuditLogPermitHistoryInput,
-    output: AuditLogPermitHistoryOutput,
+    input: AuditLogRoleGrantHistoryInput,
+    output: AuditLogRoleGrantHistoryOutput,
     async: true,
-    description: 'List permit grant and revoke events with usernames. Admin-only.',
+    description: 'List role_grant grant and revoke events with usernames. Admin-only.',
 };
 export const invite_create_action_spec = {
     method: 'invite_create',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: true,
     input: InviteCreateInput,
     output: InviteCreateOutput,
@@ -244,7 +260,7 @@ export const invite_list_action_spec = {
     method: 'invite_list',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
     input: InviteListInput,
     output: InviteListOutput,
@@ -255,7 +271,7 @@ export const invite_delete_action_spec = {
     method: 'invite_delete',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: true,
     input: InviteDeleteInput,
     output: InviteDeleteOutput,
@@ -267,7 +283,7 @@ export const app_settings_get_action_spec = {
     method: 'app_settings_get',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: false,
     input: AppSettingsGetInput,
     output: AppSettingsGetOutput,
@@ -278,7 +294,7 @@ export const app_settings_update_action_spec = {
     method: 'app_settings_update',
     kind: 'request_response',
     initiator: 'frontend',
-    auth: { role: ROLE_ADMIN },
+    auth: { account: 'required', actor: 'required', roles: [ROLE_ADMIN] },
     side_effects: true,
     input: AppSettingsUpdateInput,
     output: AppSettingsUpdateOutput,
@@ -299,7 +315,7 @@ export const all_admin_action_specs = [
     admin_session_revoke_all_action_spec,
     admin_token_revoke_all_action_spec,
     audit_log_list_action_spec,
-    audit_log_permit_history_action_spec,
+    audit_log_role_grant_history_action_spec,
     invite_create_action_spec,
     invite_list_action_spec,
     invite_delete_action_spec,

package/dist/auth/admin_actions.d.ts CHANGED Viewed

@@ -5,23 +5,23 @@
  *
  * - Account management: `admin_account_list`, `admin_session_list`,
  *   `admin_session_revoke_all`, `admin_token_revoke_all`.
- * - Audit log reads: `audit_log_list`, `audit_log_permit_history`.
+ * - Audit log reads: `audit_log_list`, `audit_log_role_grant_history`.
  * - Invite CRUD: `invite_create`, `invite_list`, `invite_delete`.
  * - App settings: `app_settings_get`, `app_settings_update` (registered only
  *   when `AdminActionOptions.app_settings` is provided — the mutable ref is
  *   owned by the server context and shared with signup middleware).
  *
  * The action specs themselves live in `auth/admin_action_specs.ts`. Mutations
- * emit matching audit events via `audit_log_fire_and_forget`.
+ * emit matching audit events via `deps.audit.emit`.
  *
  * Authorization is declared at the spec level (`auth: {role: 'admin'}`) so
  * the RPC dispatcher enforces it before the handler runs and the generated
- * surface accurately reports the requirement. `permit_revoke` in
- * `auth/permit_offer_actions.ts` uses the same spec-level pattern even though its
+ * surface accurately reports the requirement. `role_grant_revoke` in
+ * `auth/role_grant_offer_actions.ts` uses the same spec-level pattern even though its
  * sibling methods are authenticated-but-not-admin — the dispatcher checks
  * auth per-spec, so mixed-auth endpoints compose cleanly. Handler-level
  * gates are reserved for input-dependent elevation (e.g.
- * `permit_offer_list`/`_history` elevate to admin only when the caller
+ * `role_grant_offer_list`/`_history` elevate to admin only when the caller
  * passes an `account_id` other than their own — an input-dependent check
  * the spec can't express).
  *
@@ -30,13 +30,14 @@
 import { type RpcAction } from '../actions/action_rpc.js';
 import { type RoleSchemaResult } from './role_schema.js';
 import { type AppSettings } from './app_settings_schema.js';
-import type { AuditEmitDeps } from './deps.js';
+import type { RouteFactoryDeps } from './deps.js';
 /** Options for `create_admin_actions`. */
 export interface AdminActionOptions {
     /**
      * Role schema result from `create_role_schema()`. Defaults to builtin
-     * roles only. Used to derive `grantable_roles` (the `web_grantable`
-     * subset) returned by `admin_account_list`.
+     * roles only. Used to derive `grantable_roles` (the subset whose
+     * `RoleSpec.grant_paths` includes `'admin'`) returned by
+     * `admin_account_list`.
      */
     roles?: RoleSchemaResult;
     /**
@@ -49,24 +50,16 @@ export interface AdminActionOptions {
      */
     app_settings?: AppSettings;
 }
-/**
- * Dependencies for `create_admin_actions`.
- *
- * Aliases the shared `AuditEmitDeps` (the `log` / `on_audit_event` /
- * optional `audit_log_config` slice every audit-emitting site picks).
- * `log` drives RPC-internal error logging; `on_audit_event` is wired by
- * the two revoke-all mutations so SSE fan-out mirrors the former
- * REST-route behavior; `audit_log_config` is consumed by
- * `audit_log_fire_and_forget`.
- */
-export type AdminActionDeps = AuditEmitDeps;
 /**
  * Create the admin-only RPC actions.
  *
- * @param deps - `AdminActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
+ * @param deps - `RouteFactoryDeps` (`log`, `audit`, …). `log` drives RPC-
+ *   internal error logging; `audit.emit` writes audit rows via the captured
+ *   pool. The bound emitter encapsulates `on_audit_event` fan-out and the
+ *   optional `AuditLogConfig`.
  * @param options - role schema for `grantable_roles` derivation
  * @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
  * @mutates `options.app_settings` ref - `app_settings_update` writes `open_signup`, `updated_at`, and `updated_by` so signup middleware reads without a DB round trip
  */
-export declare const create_admin_actions: (deps: AdminActionDeps, options?: AdminActionOptions) => Array<RpcAction>;
+export declare const create_admin_actions: (deps: Pick<RouteFactoryDeps, "log" | "audit">, options?: AdminActionOptions) => Array<RpcAction>;
 //# sourceMappingURL=admin_actions.d.ts.map

package/dist/auth/admin_actions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,~~EAA4C~~,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;~~AAEnG~~,OAAO,~~EAAuB~~,KAAK,gBAAgB,~~EAAC~~,MAAM,kBAAkB,CAAC;~~AAuB7E~~,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,~~aAAa~~,EAAC,MAAM,WAAW,CAAC;~~AA8C7C~~,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IAClC~~;;;;OAIG~~;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED~~;;;;;;;;;GASG~~;AACH,~~MAAM~~,MAAM,~~eAAe~~,~~GAAG~~,~~aAAa~~,CAAC~~;AAE5C;;;;;;;GAOG;AACH~~,~~eAAO~~,~~MAAM~~,~~oBAAoB~~,~~GAChC~~,~~MAAM~~,~~eAAe~~,~~EACrB~~,UAAS,kBAAuB,KAC9B,KAAK,CAAC,SAAS,~~CA4RjB~~,CAAC"}
1	+ {"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAsC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAE7F,OAAO,EAGN,KAAK,gBAAgB,EACrB,MAAM,kBAAkB,CAAC;AAuB1B,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AA8ChD,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IAClC;;;;;OAKG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,OAAO,CAAC,EAC7C,UAAS,kBAAuB,KAC9B,KAAK,CAAC,SAAS,CAgQjB,CAAC"}